www.lesswrong.com/posts/GCHyDKfPXa5qsG2cP/human-study-on-ai-spear-phishing-campa...
1 correction found
AI-spear phishing is also highly cost-efficient, reducing costs by up to 50 times compared to manual attacks.
The paper supports up to roughly 50x higher profitability in some modeled scenarios, not a 50x reduction in costs. Its own table shows AI lowers labor time but has higher fixed per-email costs than manual phishing.
Full reasoning
This bullet changes the paper’s economic result.
The paper’s abstract says AI can “increase profitability by up to 50 times”. That is not the same as saying AI reduces costs by up to 50 times.
In the paper’s economic table, the direct per-email inputs are:
- Human expert: 30 minutes and $0.01 fixed cost
- Fully automated AI: 1 minute and $0.05 fixed cost
So the paper shows a large time reduction (about 30x versus the manual human-expert condition), but fixed costs are actually higher for AI, not lower. The “up to 50 times” figure comes from modeled profit/hour outcomes under certain assumptions, where e.g. the most favorable AI scenario is $338.6/hour versus $6.1/hour for the best non-AI manual scenario abroad—about 55x more profitable. That is a profitability comparison, not a direct cost comparison.
So the post’s wording is materially inaccurate: it converts a claim about profitability into a claim about cost reduction.
2 sources
- Evaluating Large Language Models' Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects (arXiv abstract)
Lastly, we analyze the economics of phishing, highlighting how AI enables attackers to target more individuals at lower cost and increase profitability by up to 50 times for larger audiences.
- Evaluating Large Language Models' Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects (HTML)
Time spent (min) 15 30 1 4:24*** ... Fixed costs $0.01 $0.01 $0.05 $0.05 ... Profit/hour (high q, abroad) -$0.6 $6.1* $338.6*** $137.9***